Slashdot Mirror

← Back to Stories (view on slashdot.org)

WebTV/MSNTV Virus Dials 911

Posted by timothy on from the well-it's-only-a-minor-emergency dept.

Semji Rkim writes: "Though not the first virus to direct modems at 911, ABC News is reporting a bug in WebTV (Now branded as MSNTV) units which causes the infected unit to hang-up and dial 911. The virus spreads via email and Microsoft officials are looking into how it is able to replicate and also control the modem. Affected users are advised to delete the email and call Microsoft at 1-800-469-3288."

15 of 515 comments (clear)

  1. This is serious by jandrese · · Score: 5, Insightful

    Tying up 911 lines costs lives. In many jurisdictions you can be fined for prank calling 911, especially if you are a repeat offender. WebTV users would be well advised to be very careful with their email until this problem is resolved.

    --

    I read the internet for the articles.
    1. Re:This is serious by rarose · · Score: 3, Insightful

      Yeah but at least Hayes *invented* the patent and used it to actually create product instead of being a Johnny-come-lately shake down artist.

      --
      --Rob
  2. Paradoxical... by httpamphibio.us · · Score: 1, Insightful

    How are users supposed to get the phone number for Microsoft Technical Support if they can't get online?

    --
    sig.
  3. Re:Liability? by t0qer · · Score: 3, Insightful

    You're saying it's MS's fault someone not an MS employee wrote this malicious code?

    If it's anyone's liability it comes down to the person that wrote the virus. The same thing COULD be done on a linux system too, should linus be held liable? Should the whole open source community be held liable?

    Your comment was stupid, I just wanted to point that out.

  4. Interm Solution by t0qer · · Score: 5, Insightful

    M$ sends an automated voice message out to all their subscibers. Either that or make all the access numbers just play this instead of sending any actual data.

    "Services will not be availiable today because of a virus that affects webtv users. The virus takes control of the webTV modem and causes it to dial 911. Please unplug your webtv unit from the phone line until we can fix the problem. Please call 555-1212 if you suspect your webtv has been affected"

    Clean up your mail servers. Install something to filter out the virus and any varients. Even the least tech savvy people will understand "It dials 911" and "Unplug your webtv"

    Just some advice.

    --toq

    1. Re:Interm Solution by t0qer · · Score: 4, Insightful

      I was for 7 years, the fact that lusers would never heed my warings, read the documentation, or flat out needed things repeated to them 20 times in a row made me decide to quit being the McDonalds coke and a smile "Hi How may I fix your computer today?"

      Near my 7th year, I became frustrated, started telling people how stupid I thought they were to their face (Usually after the 8th time of explaining something) And generally degraded into the self absorbed irritating prick that I am today.

      2 years later i'm still recovering. Where I used to fix my friends and families computers for free I now charge the shit outta them till they don't wanna come back. Everytime the phone rings my hair still stands up on end because i'm afraid of yet another person saying, "Hey toq just wanted to ask you a quick question!" No it's never a quick question, it's a gateway into a line of questioning not even the worse murderer would be subjected to in a police interregation.

      And you dare say was I ever a sysadmin, jeesh. I'd bet money I could w00p your arse in a contest of skills any day of the week. Trust me kid, you just haven't burned out yet, but you will. And when you do, that's where open source with the lack of stupid people and politics will be waiting.

      --toq

    2. Re:Interm Solution by Anonymous Coward · · Score: 1, Insightful
      M$ sends an automated voice message out to all their subscibers
      Price that out and tell me with a straight face that makes financial sense to call 1M users or more, even if they did compensate the 911 systems nationwide for their trouble. What about no answers blah blah?
      Either that or make all the access numbers just play this instead of sending any actual data.
      1) With the speaker off they're supposed to hear this how?

      2) They use VPOPs such as UUnet DAN, Sprint, and a patchwork of small ISPs. These access servers don't do voice. And what about users who bring their own ISP? Sure you can put up a "The WebTV network is down for maintenance" message up when a box logs on to the network, but that's still suboptimal and pissing off hundreds of thousands of users is not a choice a business makes lightly.

      It's much easier just to turn off the POP3 servers and strip all Javascript or suspect tags out of all mail on all the stores, OR push an update to the box that turns scripting off in email. Neither of these are easy and both of these will make someone somewhere unhappyIn any case, they'll probably have the problem licked in a matter of hours and some poor sots in Palo Alto or Mountain View will be working an extra long shift today.

      And learn how to spell "interim". Geez.

  5. Re:Liability? by Anonymous Coward · · Score: 1, Insightful

    Wow, that's such a bias. You have a.) A machine with microsoft software. b.) A user installing a virus. c.) The author of the virus. And you want to blame Microsoft? And the answer to most "Would I be liable for _____?" is it would be up to a jury of your peers. I think the Sept 11 example would work well for this. The terrorists took flight training classes, took over a plane, and then blew up some buildings. You have a.) Flight school training. b.) People letting the terrorists board. c.) The terrorist. I'm sure no jury would hold the flight school responsible. The government did blame bad airport screeners. Common sense put the terrorists mostly at fault. And you're there blaiming the flight school. Unless you think in a court case that Microsoft's security measures were so lax that they should be liable, and I doubt you would, then please don't blame them for what is clearly the fault of a programmer.

  6. How... timely by 0xdeadbeef · · Score: 4, Insightful

    This, right about the time ax-Microsoftie security snake oil salesman is harping about the dangers to our infrastructure because of the Internet, and when Microsoft is promoting Palladium as the solution to its MUA scripting bugs.

    Coincidence? Probably. But geez, you can bet they will spin this to their favor. Instead of apologizing for their incompetence, they will use it as evidence of the dangerous new world we live in, and request us to please bend over for all their new security initiatives.

    Our infrastructure is under threat from hacker terrorists! The free world is at stake! Join up at your NET Guard recruiting office now!

  7. Re:Nice troll. by kwishot · · Score: 4, Insightful

    You're dumb.

    If you translate the commands into hex and send it as a ping it works:
    ping -p 2b2b2b415448300d -c 5 xxx.xxx.xxx.xxx

    By the way, 2b2b2b415448300d = +++ATH0
    The modem receives the command and doesn't even pass it up to the "higher" networking layers so it's virtually untraceable, as well.

  8. Re:ATH0 by CaffeineAddict2001 · · Score: 3, Insightful

    wow, that's pretty scary.
    If you can make it hang up, can you make it dial (ATDT)?

    Imagine some goon on IRC makes your modem dial his number so he can grab it on CallerId and then harass you. :\

  9. Re:How much longer until 1-900? by Anonymous Coward · · Score: 1, Insightful

    Frankly, I'd rather it *had* dialed a 1-900 number instead of 911.

  10. My only hope... by erat · · Score: 5, Insightful

    ...is that the loser who made this all happen has a heartattack and can't get through to 911 emergency services because his/her own virus/hack/whatever is tying up the line.

    Sometimes these pranks go too far.

  11. The Big Question... by sterno · · Score: 4, Insightful

    If the person who wrote this virus has caused 911 to be tied up, and this has possibly caused somebody to die, would they be prosecutable under the new anti-hacker law that Congress put together?

    --
    This sig has been temporarily disconnected or is no longer in service
  12. And this is on a closed system by Animats · · Score: 4, Insightful
    This demonstrates the total failure of Microsoft's "authorized code" approach to security. WebTV is a completely closed system; it is designed to run only the code it comes with. Yet it has been cracked. None of the DRM-type "security" stuff Microsoft has been talking about would have prevented this.

    Since this apparently affects pre-Microsoft WebTV boxes, though, it may be in code from the original WebTV people in Palo Alto. But that was a long time ago. Microsoft owns it now, and has to take the blame.

    Is it actually running unauthorized code, or does the exploit just change what it dials?